| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
| |
This runs the signxml flavour on all Python versions and only runs all
other flavours on Python 2.6 and 3.6.
|
|
|
|
| |
Recent versions of flake8 changed the defaults of the errors to ignore.
|
| |
|
| |
|
|\ |
|
| |
| |
| |
| |
| |
| | |
This option can be used to skip a number of rows in the CSV file before
the key data is read. If the number of rows to skip is 0, the column
interpretation should be provided using the --columns option.
|
| |
| |
| |
| |
| | |
This option can be used to set key properties for all keys in the PSKC
file.
|
| |
| |
| |
| |
| |
| | |
This option can be used to override the list of columns as found in the
first line of the CSV file or provide a mapping for values found in the
first line to PSKC properties.
|
|/
|
|
|
|
| |
This script reads a CSV file and writes out a PSKC file with the key
information from the CSV file. The CSV file is expected to have one row
for each key and key property values in columns.
|
|
|
|
|
| |
This also installs pskc2csv and pskc2pskc console script entry points as
part of the package installation.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This adds docstrings to public methods and cleans up a few other
docstrings to pass most flake8 docstring related tests.
This also adds noqa statements in a few places so we can remove most
entries from the global flake8 ignore list.
|
|
|
|
|
|
| |
This script reads a PSKC file in any supported format and writes out a
RFC 6030 compliant version of the file, optionally with the encryption
removed or (re-)encrypting the file with a new key.
|
|
|
|
|
|
|
|
| |
In some cases a PSKC file can be written with a MAC algorithm but
without a MAC key. This is possible when the MAC key is not supplied
(allowed in older PSKC versions) and a fallback to the encryption key is
done. If we have not yet decrypted the file the MAC key is not yet
available and so can't be included in the written file.
|
|
|
|
|
|
|
| |
This ensures that the encryption IV, which should be per encrypted value
is written out per encrypted value instead of globally. This is mostly
useful for when reading an old format PSKC file and writing out a RFC
6030 compliant one.
|
|
|
|
|
|
|
|
| |
This ensures that an encrypted MAC key is hanled in the same way as
normal encrypted data values.
This also ensures consistent fallback to the globally configured
encryption algorithm if no value has been set in the EncryptedValue.
|
|
|
|
|
| |
This ignores the value of the version attribute in the PSKC object and
always writes a PSKC 1.0 (RFC 6030) format file.
|
|
|
|
|
| |
This adds a function to decrypt all values and remove the encryption of
an encrypted PSKC file.
|
| |
|
|
|
|
| |
Fixes 1ff3237f, 84bfb8a6 and 20bf9c5
|
|
|
|
|
|
|
| |
This ensures that the tests also work without a TTY and work regardless
of the PYTHONWARNINGS and TZ environment variables
Fixes cd33833
|
| |
|
|
|
|
|
|
| |
This ignores the namespace declarations in the generated XML files
because not all implementations on all environments write these in the
same order.
|
|
|
|
| |
This also slightly tunes the way Sphinx documentation is built.
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
This property can be use to see whether the PSKC file needs an
additional pre-shared key or passphrase to decrypt any stored
information.
|
|\ |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds support for creating and verifying embedded XML signatures in
PSKC files. This uses the third-party signxml library for actual signing
and verification.
The signxml library has a dependency on lxml and defusedxml (and a few
others) but all parts of python-pskc still work correctly with our
without lxml and/or defusedxml and signxml is only required when working
with embedded signatures.
This modifies the tox configuration to skip the signature checks if
singxml is not installed and to only require 100% code coverage if the
signature tests are done.
|
| | |
|
|/ |
|
|
|
|
|
|
| |
This ensures that the file descriptor is closed if we opened the file.
This is not a big problem for the script (because the script exists
anyway) but causes problems for the tests.
|
|
|
|
|
| |
This makes the old name (pin_max_failed_attemtps) available as a
deprecated property.
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds basic support for parsing the PSKC files as specified in
draft-hoyer-keyprov-portable-symmetric-key-container-00 and
draft-hoyer-keyprov-portable-symmetric-key-container-01.
It should be able to extract secrets, counters, etc. but not all
properties from the PSKC file are supported.
It is speculated that this format resembles the "Verisign PSKC format"
that some applications produce.
|
|
|
|
|
|
|
| |
This adds tests for parsing the files that are shipped as part of the
multiOTP test suite.
https://www.multiotp.net/
|
|
|
|
|
|
|
|
|
|
|
| |
This changes the way encrypted values are stored internally before being
decrypted. For example, the internal _secret property can now be a
decrypted plain value or an EncryptedValue instance instead of always
being a DataType, simplifying some things (e.g. all XML
encoding/decoding is now done in the corresponding module).
This should not change the public API but does have consequences for
those who use custom serialisers or parsers.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
The cryptography library is better supported.
This uses the functions from cryptography for AES and Triple DES
encryption, replaces the (un)padding functions that were previously
implemented in python-pskc with cryptography and uses PBKDF2
implementation from hashlib.
|
|
|
|
|
|
| |
This uses pbkdf2_hmac() from hashlib for the PBKDF2 calculation.
The downside of this is that this function is only available since
Python 2.7.8.
|
|
|
|
|
|
| |
This uses os.urandom() as a source for random data and replaces other
utility functions. This also removes one import for getting the lengths
of Tripple DES keys.
|
|
|
|
|
|
| |
This avoids a using xml.dom.minidom to indent the XML tree and keep the
attributes ordered alphabetically. This also allows for customisations
to the XML formatting.
|
|
|
|
|
| |
Some Python versions don't have the algorithms_available property but do
have the algorithms property in hashlib.
|